APPLICATION NO. | FE.INGDATE | FIRST NAMED INVENTOR | ATTORNEY DOCKET NO. | CONFIRMATION NO. 

09/426,442 10/25/1999 SHARYN MARIE GARRITY 99-703 1897 



32127 7590 02/01/2012 

VERIZON LEGAL DEPARTMENT 
PATENT MANAGEMENT GROUP 
1320 N. COURTHOUSE ROAD 
9TH FLOOR 

ARLINGTON, VA 22201-2525 



EXAMINER 



BROWN, CHRISTOPHER J 



ART UNIT PAPER NUMBER 



2439 



NOTIFICATION DATE | DELIVERY MODE 
02/01/2012 ELECTRONIC 



Please find below and/or attached an Office communication concerning this application or proceeding. 

The time period for reply, if any, is set in the attached communication. 

Notice of the Office communication was sent electronically on above-indicated "Notification Date" to the 
following e-mail address(es): 
patents @ VERIZ0N.COM 



PTOL-90A (Rev. 04/07) 



UNITED STATES PATENT AND TRADEMARK OFFICE 



BEFORE THE BOARD OF PATENT APPEALS 
AND INTERFERENCES 



Ex parte SHARYN MARIE GARRITY, RONALD LEWIS SCOTT, and 
AARON MARK HELSINGER 



Appeal 2011-007407 
Application 09/426,442 
Technology Center 2 1 00 

Before SCOTT R. BOALICK, STEPHEN C. SIU, and JOSIAH C. COCKS, 
Administrative Patent Judges. 

SIU, Administrative Patent Judge. 

DECISION ON APPEAL 
STATEMENT OF THE CASE 
This is a decision on appeal under 35 U.S.C. § 134(a) from the 
Examiner's rejection of claims 1, 18-23, 25-33, and 35-37. We have 
jurisdiction under 35 U.S.C. § 6(b). 

The Invention 

The disclosed invention relates generally to "providing secure access 
and transactions using an extranet" (Spec. 3). 
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Independent claim 1 is illustrative: 

1 . An access system for a computer site, comprising: 
a certificate authentication component to verify a user's identity 
from a digital certificate supplied by the user, 

a directory, coupled to the certificate authentication component, 
to maintain an account for each individual user, each account 
containing an access policy specifying at least one portion of the 
computer site to which the corresponding user is permitted access, 
each account further containing at least one of an internet protocol 
(IP) address and a certificate authorization method associated with the 
user, and 

an access control system, in computer hardware coupled to the 
directory, for controlling access to computer site by permitting the 
user to access a portion of the computer site and restricting the user 
from accessing at least one other portion of the computer site, based 
on the access policy associated with the individual user in a directory, 
wherein the access policy is used to provide tiered access for different 
sets of users to a plurality of security levels. 
(App. Br. 16, Claims Appendix.) 



The Examiner relies upon the following references as evidence in 
support of the rejections: 
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The Rejections 

1. The Examiner rejects claims 1, 19, 20, 24-27, 29, 30, and 34-36 under 
35 U.S. C. § 103(a) as being unpatentable over Davis, Schneider, and 
Kuhn.^ 

2. The Examiner rejects claims 21, 22, 31, 32, and 37 under 35 U.S.C. 
§ 103(a) as being unpatentable over Davis, Schneider, Kuhn and 
Gupta. 

3. The Examiner rejects claims 18, 23, 28, and 33 under 35 U.S.C. 

§ 103(a) as being unpatentable over Davis, Schneider, Kuhn, and 
Ginzboorg. 

ISSUE 

Did the Examiner err in determining that the combination of Davis, 
Schneider, and Kuhn discloses or suggests an account for a user containing 
at least one of an internet protocol (IP) address and a certificate 
authorization method associated with the user? 



^ The Examiner rejects claims 24 and 34 as obvious over Davis, Schneider, 
and Kuhn (Ans. 5, 7). While Appellants confirm this rejection (App. Br. 
10), Appellants also indicate that claims 24 and 34 are not pending (App. 
Br. 5). Since there does not appear to be any other indication that claims 24 
and 34 are no longer pending, we assume that claims 24 and 34 are currently 
pending and stand rejected as being obvious over Davis, Schneider, and 
Kuhn. 
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FINDINGS OF FACT 

1 . Schneider discloses an "access filter 203 which identifies a user and 
an information resource with an indication 311 of whether the 
request will be granted or denied" (col. 9, 11. 12-14) and a "database 
301 . . . [containing] user identification information 313, which 
identifies the user" (col. 9, 11. 59-61). 

2. Schneider discloses a "database 301" (col. 18, 1. 61) that contains a 
"[cjertificate via User Identification Client" (col. 19, 1. 1) for 
identifying "a user and an information resource with an indication . . 
. of whether the request [for access] will be granted or denied" (col. 
9, 11. 12-14). 

PRINCIPLES OF LAW 
The question of obviousness is resolved on the basis of underlying 
factual determinations including (1) the scope and content of the prior art, 

(2) any differences between the claimed subject matter and the prior art, and 

(3) the level of skill in the art. Graham v. John Deere Co. Kansas City, 383 
U.S. 1, 17-18 (1966). 

"The combination of familiar elements according to known methods 
is likely to be obvious when it does no more than yield predictable results." 
KSR Int'l Co. V. Teleflex, Inc., 550 U.S. 398, 416 (2007). 
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ANALYSIS 

Appellants assert that "Schneider does not teach or suggest 'each 
account further containing at least one of an Internet protocol (IP) address 
and a certificate authorization method associated with the user,' as recited in 
claim 1" (App. Br. 14). 

As set forth above, Schneider discloses an "access filter" that 
identifies a user (FF 1) from user identification information stored in a 
database (FF 1). Schneider also discloses that the database contains an "IP 
address" (col. 19, 1. 19), which is "associated with the user." Such an "IP 
address is associated with the user because the "IP address" identifies "the 
user's computer" (col. 19, 1. 20). Since the IP address identifies the user's 
computer and one of ordinary skill in the art would have understood that a 
computer is "associated with" the corresponding owner (i.e., an owner of a 
computer is "associated with" the computer that the owner owns), we agree 
with the Examiner that an "IP address" that identifies a user's computer is 
"associated" with the user. 

Appellants also argue that "Schneider does not teach or suggest an 
account containing 'a certificate authorization method associated with the 
user,' as recited in claim 1" (Reply Br. 2). First, we note that claim 1 
requires at least one of an IP address and a certificate authorization method. 
Therefore, claim 1 does not require a certificate authorization method as 
long as an IP address is provided. As described above, Schneider discloses 
an IP address as recited in claim 1 . 

5 
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In any event, Appellants do not indicate an explicit definition for the 
term "certificate authorization method." Under a broad but reasonable 
interpretation in view of the Specification and based on the ordinary and 
customary meaning of the specific terms used, the above-quoted term 
reasonably includes any method of authorizing access to data for a user in 
which a certificate is used. We agree that Schneider discloses this feature. 
As stated above, Schneider discloses a method of granting or denying access 
to data for a user based on identification data for a user stored in a database, 
the identification data including a certificate (FF 2). Appellants have not 
pointed to any substantial differences between Schneider's disclosure of 
using a certificate in a method for authorization of a user for access to 
specified data and a "certificate authorization method" as recited in claim 1 . 

Claims 27 and 37 recite similar features as claim 1. Appellants 
provide no additional arguments either with regard to the Davis, Kuhn, 
Gupta, or Ginsboorg references or in support of dependent claims 18-23, 25, 
26,28-33, 35, and 36. 

We therefore affirm the Examiner's rejection of claims 1, 27, and 37, 
and of claims 18-23, 25, 26, 28-33, 35, and 36, which fall therewith. 

CONCLUSION OF LAW 
Based on the findings of facts and analysis above, we conclude that 
the Examiner did not err in determining that the combination of Davis, 
Schneider, and Kuhn discloses or suggests an account for a user containing 
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at least one of an internet protocol (IP) address and a certificate 
authorization method associated with the user. 

DECISION 

We affirm the Examiner's decision rejecting claims 1, 18-23, 25-33, 
and 35-37 under 35 U.S.C. § 103. 

No time period for taking any subsequent action in connection with 
this appeal may be extended under 37 C.F.R. § 1.136(a)(l)(iv). 

AFFIRMED 

rvb 



7 



